Subject: RE: ipnat rdr rules on the same segment?
To: 'mel kravitz' <firstname.lastname@example.org>
From: David Woyciesjes <DAW@yalepress3.unipress.yale.edu>
Date: 10/26/2000 12:14:08
IIRC, it would have to go in from one NIC, and out another. I would say to
check http://www.obfuscation.org/ipf/ipf-howto.txt for a better answer...
Check about halfway down, labelled page 26.
Taken from there...
An extremely important point must be made about rdr: You
cannot easily use this feature as a "reflector". E.g:
rdr tun0 126.96.36.199/32 port 80 -> 188.8.131.52 port 80 tcp
will not work in the situation where .5 and .6 are on the
same LAN segment. The rdr function is applied to packets
--- David A Woyciesjes
--- C & IS Support Specialist
--- Yale University Press
--- (203) 432-0953
--- ICQ # - 905818
-> -----Original Message-----
-> From: mel kravitz [mailto:email@example.com]
-> Sent: Thursday, October 26, 2000 11:54 AM
-> To: firstname.lastname@example.org
-> Subject: ipnat rdr rules on the same segment?
-> Can ipnat (rdr )redirect port 80 from www(x.y.z.b)machine to
-> FW(x.y.z.a)machine when both reside on the same outside segment? Is a
-> rule such as the following possible?
-> rdr fxp0 x.y.z.b port 80 -> x.y.z.a port 80